WiFi Protected Setup PIN Brute Force Vulnerability Discovered
Attackers who try to brute force accounts to get system passwords have several options at hand to reduce the time it takes until passwords are found. Most nowadays test the passwords against a dictionary file containing commonly used passwords before they start to test all possible character combinations.
A WiFi Protected Setup (WPS) vulnerability has recently been discovered that reduces the brute forcing time significantly. The vulnerability can be exploited to find out when the first four digits of the eight digit pin are correct. Instead of having to try 108 possible combinations, attackers now have to try 104 + 103 combinations which reduces the attempts from 100 million to 11000 in total.
That's a significant reduction in attempts. Some wireless routers slow down brute force attempts automatically as a security precaution, others do not have those features implemented. The attack may also result in a denial of service condition according to information posted on the US-Cert website.
Attackers can exploit the vulnerability to brute force their way into wireless routers at a much faster pace than before.
The vulnerability can only be patched with a firmware update. While it is likely that newer models will receive an update eventually that patches the flaw, it is unlikely that all affected router models will receive one.
Computer users who are currently using WiFi Protected Setup should disable the feature and configure their router manually instead. It is recommended to switch to WPA2 encryption with a strong password. US-Cert furthermore recommends to disable UPnP and to enable Mac filtering. The latter may keep amateurs at bay, but not professionals.
The vulnerability disclosure page lists vendors that are affected by the vulnerability. The who is who includes D-Link, Netgear, Zyxel, Linksys or Belkin among others.
Setting up a router's wireless connection manually is a challenging experience for less than tech-savvy computer users.
Additional information about the vulnerability can be found at Stefan Viehböck's website. The author promised to release a brute force tool to demonstrate the impact of the vulnerability.Advertisement